Mirror of https://github.com/opencloud-eu/opencloud.git, synced 2025-12-31 17:30:29 -06:00

* Harmonize Keycloak client configurations with built-in IdP

  This change makes the Keycloak client configurations consistent with the built-in IdP:

  1. Standardized client IDs to match built-in IdP:
     - web (unchanged)
     - OpenCloudDesktop (was random ID)
     - OpenCloudAndroid (was random ID)
     - OpenCloudIOS (was random ID)
     - Cyberduck (simplified ID)
  2. Updated domain names to use .eu consistently:
     - Changed from opencloud.com to opencloud.eu for mobile apps
     - Changed from hardcoded domains to templated {{OC_URL}} values
  3. Updated redirect URIs to match built-in IdP format:
     - Added specific callback paths for web client
     - Removed wildcarded ports for desktop client
  4. Changed mobile/desktop clients to public clients (equivalent to native app type)
  5. Enhanced docker-entrypoint-override.sh to handle {{OC_URL}} template variables

  These changes ensure a consistent authentication experience regardless of
  whether users are using the built-in IdP or Keycloak.

* Harmonize Keycloak client configuration with client JSONs

  Update the realm configuration to match the client configuration JSON files:

  1. Update client IDs to match client JSON files:
     - Changed 'xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69' to 'OpenCloudDesktop'
     - Changed 'e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD' to 'OpenCloudAndroid'
     - Changed 'mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1' to 'OpenCloudIOS'
  2. Fix additional client properties:
     - Fix client names: Use proper capitalization for all clients
     - Fix OAuth redirect URIs for Android and iOS to use .eu domain
     - Fix Desktop URIs by removing wildcard asterisks
     - Update post-logout redirect URIs to match client JSONs
     - Set publicClient flag to true for all mobile/desktop clients

  These changes ensure that when the realm is imported during deployment,
  the client configurations will match the client JSONs exactly.

* Update web client configuration in Keycloak realm

  Harmonize the web client configuration in the realm:

  - Add 'OpenCloud Web App' client name
  - Change URLs to use {{OC_URL}} template variables
  - Update redirect URIs to use specific paths instead of wildcard
  - Set backchannel logout URL to use templated URL

  This completes the harmonization of all client configurations in the realm.

* Revert template variable approach in Keycloak configuration

  Reverted templating changes to match upstream conventions:

  1. Removed template variable handling from docker-entrypoint-override.sh
     - Removed {{OC_URL}} replacement, keeping only domain replacement

  This maintains compatibility with the upstream approach of using direct URLs
  with domain substitution instead of template variables.

* Fix remaining old client ID references in role mappings

  Updated the remaining references to old client IDs in the role mappings section:

  - xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69 → OpenCloudDesktop
  - e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD → OpenCloudAndroid
  - mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1 → OpenCloudIOS

  This ensures all client ID references throughout the realm configuration are
  consistent and use the simplified IDs.
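
The properties this commit message lists can be checked mechanically on a realm export before import. The following is an added example, not code from the commit or the OpenCloud repository: it assumes the Keycloak realm export fields `clients`, `clientId`, `publicClient` and `redirectUris`; the function names and the sample realm are constructed for illustration.

```python
import json
# From the commit message: native clients made public, and clients that lost wildcards.
NATIVE = ("OpenCloudAndroid", "OpenCloudDesktop", "OpenCloudIOS")
NO_WILDCARD = ("web", "OpenCloudDesktop")
# Old random client IDs quoted in the commit message.
STALE = (
    "xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69",
    "e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD",
    "mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1",
)

def stale_paths(node, path="$"):
    """Yield the JSON path of every key or string value that still holds an old ID."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key in STALE:
                yield f"{path}.{key} (key)"
            yield from stale_paths(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from stale_paths(value, f"{path}[{i}]")
    elif isinstance(node, str) and any(s in node for s in STALE):
        yield path

def lint_realm(realm):
    """Return findings for a parsed realm export; an empty list means consistent."""
    clients = {c.get("clientId"): c for c in realm.get("clients", [])}
    findings = []
    for cid in NATIVE:
        if cid not in clients:
            findings.append(f"{cid}: client missing")
        elif clients[cid].get("publicClient") is not True:
            findings.append(f"{cid}: publicClient is not true")
    for cid in NO_WILDCARD:
        for uri in clients.get(cid, {}).get("redirectUris", []):
            if "*" in uri:
                findings.append(f"{cid}: wildcard redirect URI {uri}")
    findings += [f"stale client ID at {p}" for p in stale_paths(realm)]
    return findings

# Constructed sample (not the project's realm file): a half-migrated export.
SAMPLE = json.loads("""{"clients": [
  {"clientId": "web", "redirectUris": ["https://cloud.example.test/callback"]},
  {"clientId": "OpenCloudDesktop", "publicClient": true, "redirectUris": ["http://127.0.0.1:*"]},
  {"clientId": "OpenCloudAndroid", "publicClient": false, "redirectUris": ["oc://android.example.test"]}],
 "clientScopeMappings": {"account": [
  {"client": "mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1", "roles": ["view-profile"]}]}}""")
if __name__ == "__main__":
    print("\n".join(lint_realm(SAMPLE)))
```

Walking the whole document for the old IDs, rather than only the `clients` array, is what catches the leftover role-mapping references the last commit in this series fixes.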